In article <20141226020448.ee93.280fc...@netmail.ie>,
Gerard Lally <lists+netbsd.us...@netmail.ie> wrote:
>I have been struggling to get NPF up and running on a NetBSD VPS,
>specifically a Xen domU. I really think for security reasons NPF should
>be nearly ready to go, so that we don't have to spend hours researching
>and pulling our hair out trying to fix what should be a straightforward
>issue, which leaves a machine vulnerable when it probably needs
>protection most. It appears this problem came up some years ago, but
>Googling provides me with no fix.
>
>I understand that NetBSD as a Xen domU does not support kernel modules.
>So the recommendation in the NPF documentation to "modload" npf_ext_log
>does not apply here. Fine, I took a wild guess and compiled a new Xen
>domU kernel with the following two lines added to make sure NPF logging
>and normalisation functionality was compiled into the kernel instead:
>
>options NPF_EXT_LOG
>options NPF_EXT_NORMALISE
>
>Needless to say I also made sure pseudo-device npf was enabled as well.
>
>I also made sure /dev/npf existed, and I created /etc/ifconfig.npflog0
>with just the word "create".
>
>I kept the contents of npf.conf to a minimum for troubleshooting, but
>NPF just refuses to load. This is the error I get at boot:
>
>npfctl: cannot open '/dev/npf': Device not configured
>npfctl: cannot open '/dev/npf': Device not configured
>/etc/rc.d/npf exited with code 1

See if the device driver for npf is registered with the kernel correctly:

$ sysctl kern.drivers | tr , '\n' | grep npf
[198 -1 npf]

Make sure that the device numbers are correct:

$ ls -l /dev/npf
crw------- 1 root wheel 198, 0 Oct 13 2013 /dev/npf

Look at the ktrace output and see what operation fails:

$ ktrace /sbin/npfctl start
$ kdump | less

christos
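
The first two checks in the reply above can be combined into one comparison. This is an added example, not part of the original message: the function names are hypothetical, and the sample inputs are constructed around the two output lines shown in the reply.

```shell
#!/bin/sh
# Added example: compares the major number the kernel registered for npf
# with the major number of the /dev/npf node.

# Print the first number of NAME's "[n n name]" entry in a kern.drivers
# string. Assumption: that number is the character-device major.
driver_major() {
    printf '%s\n' "$2" | tr ',' '\n' | sed 's/[][]//g' |
        awk -v name="$1" '$3 == name { print $1; found = 1; exit }
                          END { if (!found) exit 1 }'
}

# Print the major number from an "ls -l" line of a character device.
node_major() {
    printf '%s\n' "$1" |
        awk '$1 ~ /^c/ { sub(/,$/, "", $5); print $5; ok = 1 }
             END { if (!ok) exit 1 }'
}

# Return 0 on match, 1 on mismatch, 2 if the driver is not registered,
# 3 if the node line is not a character device.
check_npf_node() {
    kmajor=$(driver_major npf "$1") || {
        echo "npf is not registered in this kernel"; return 2; }
    nmajor=$(node_major "$2") || {
        echo "/dev/npf is not a character device"; return 3; }
    if [ "$kmajor" = "$nmajor" ]; then
        echo "ok: driver and node both use major $kmajor"; return 0
    fi
    echo "mismatch: kernel has major $kmajor, node has major $nmajor"
    return 1
}

# Constructed sample input; only the npf entry and the ls line come from
# the reply above.
SAMPLE_DRIVERS='[0 -1 cons], [1 -1 ctty], [198 -1 npf]'
SAMPLE_LS='crw------- 1 root wheel 198, 0 Oct 13 2013 /dev/npf'
check_npf_node "$SAMPLE_DRIVERS" "$SAMPLE_LS"

# On the affected host, feed it the live output instead:
#   check_npf_node "$(sysctl kern.drivers)" "$(ls -l /dev/npf)"
```

A return code of 2 points at the kernel configuration, while 1 points at a /dev node created with the wrong device numbers.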